Bug 62 - passt/pasta silently mishandles IPv4 fragments received on tap interface
Status: RESOLVED FIXED
Alias: None
Product: passt
Classification: Unclassified
Component: IPv4
Version: unspecified
Hardware: All Linux
Importance: Normal normal
Assignee: David Gibson
Blocks: 55
Reported: 2023-07-04 03:06 UTC by David Gibson
Modified: 2023-07-08 08:32 UTC

Description David Gibson 2023-07-04 03:06:27 UTC
passt has no support for handling IPv4 fragmentation.  This doesn't generally cause a problem, because our tap-side MTU is so large that fragmentation will almost never occur in practice.

If for some reason (e.g. a misconfigured or malicious guest) we do receive IPv4 fragments from the guest, we will not give an error but misinterpret them: we'll treat each fragment as if it was an entire IP packet, which could have strange, hard-to-debug effects (bug 55 is a fairly tame example).

Handling IPv4 defragmentation is complicated, and probably not useful for real cases.  However, we should at least print some sort of error so that it's obvious what's going on if we do hit one of these edge cases.
Comment 1 David Gibson 2023-07-04 04:36:36 UTC
Patch sent.
Comment 2 David Gibson 2023-07-08 08:32:50 UTC
Patch merged.
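
The kind of check the description asks for, as an added example that is not part of the original report and is not passt's own code: a packet is a fragment when the "more fragments" bit is set or the fragment offset is non-zero, and such packets are dropped with a message rather than parsed as whole datagrams. The function names, the warn-once policy and the sample headers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4_MF      0x2000u /* "more fragments" flag */
#define IP4_OFFMASK 0x1fffu /* fragment offset, in 8-byte units */

enum ip4_verdict { IP4_WHOLE, IP4_FRAGMENT, IP4_MALFORMED };

/* Constructed 20-byte headers (checksum left zero); only bytes 6-7 differ. */
static const uint8_t hdr_df[20]    = { 0x45, 0, 0, 20, 0, 1, 0x40, 0x00, 64, 17 };
static const uint8_t hdr_first[20] = { 0x45, 0, 0, 20, 0, 1, 0x20, 0x00, 64, 17 };
static const uint8_t hdr_later[20] = { 0x45, 0, 0, 20, 0, 1, 0x00, 0xb9, 64, 17 };

/* Classify a raw IPv4 packet (Ethernet header already stripped). */
enum ip4_verdict ip4_classify(const uint8_t *p, size_t len)
{
	if (len < 20 || (p[0] >> 4) != 4)
		return IP4_MALFORMED;
	size_t hlen = (size_t)(p[0] & 0x0f) * 4;
	if (hlen < 20 || hlen > len)
		return IP4_MALFORMED;
	/* Bytes 6-7, big endian: 3 flag bits, then the 13-bit fragment offset */
	uint16_t frag = (uint16_t)(p[6] << 8 | p[7]);
	/* First fragment: MF set, offset 0. Later fragments: offset != 0.
	 * DF (0x4000) on its own does not make a packet a fragment. */
	if (frag & (IP4_MF | IP4_OFFMASK))
		return IP4_FRAGMENT;
	return IP4_WHOLE;
}

/* Returns 1 if the packet is a fragment and must be dropped, warning once. */
int ip4_drop_fragment(const uint8_t *p, size_t len, unsigned *seen)
{
	if (ip4_classify(p, len) != IP4_FRAGMENT)
		return 0;
	if ((*seen)++ == 0) /* one message, so a guest cannot flood the log */
		fprintf(stderr, "IPv4 fragment from guest dropped: not supported\n");
	return 1;
}

int main(void)
{
	const uint8_t *pkts[] = { hdr_df, hdr_first, hdr_later };
	unsigned seen = 0;
	for (int i = 0; i < 3; i++)
		printf("packet %d dropped: %d\n", i, ip4_drop_fragment(pkts[i], 20, &seen));
	return 0;
}
```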
